I would like to package a web interface which is using a module bundler (e.g. a react hello world). Reading through NodeJS Packaging wiki and the nodejs SIG doesn’t really helped me… Well I started to automate npm spec creation for a creat-react-app demo and for the grafana webui, but this resulted in thousands of spec files and a seemingly endless dependencies nesting (e.g. webpack3 html-plugin needs a special uglify-js which needs a special loader-utils …).

Are we supposed to package each requirements independently and list them as virtual provide bundled?
Then is there a robot to trigger rebuild when a bundled dependency get updated?

Or is there a plan to have a koji plugin or something to automate packages.json build requirements? E.g. to enable using “npm install” when building package, but using a set of approved package pulled from a local registry mirror.

Unfortunately, but once you get to the point of everything packaged - other applications can be packaged without creating yet another thousand of modules.

Agreed, but that’s a lot of work…

ignatenkobrain:

Then is there a robot to trigger rebuild when a bundled dependency get updated?

If you bundle everything, it’s only up to you to keep bundled version updated. If you packaged it separately, you don’t need to rebuild anything.

Because webpack automatically bundle build-requirements, it seems like we would have to rebuild the web-interface to benefit from the update.

paulcarroty:

I’d suggest to use Flatpak, it will be faster.

How flatpak solves the issue of building without internet access? I want to use proper packaging to mitigate issues related with pulling dependencies from external sources like npm registry at build time. Also, how do you know what versions are being used in the resulting flatpak?

Then is there a robot to trigger rebuild when a bundled dependency get updated?

If you bundle everything, it’s only up to you to keep bundled version updated. If you packaged it separately, you don’t need to rebuild anything.

Because webpack automatically bundle build-requirements, it seems like we would have to rebuild the web-interface to benefit from the update.

I’m not experienced with webpack, but why can’t it simply use libraries provided by system? But even if it bundles build-dependencies, you can easily query buildrequirements and rebuild your package. freshmaker was supposed to track such cases and rebuild modules, but I didn’t hear any plans about deploying it yet.

A bundled with tons of internal dependencies; It should not matter to you… example Chromiun bundles hard number of internal dependencies. The unique important is if your “web interface” uses a ffmpeg… Here a example of Atom with npm… And if someone comes with packaging rules; go to mourn elsewhere (warned).

I’m not experienced with webpack, but why can’t it simply use libraries provided by system? But even if it bundles build-dependencies, you can easily query buildrequirements and rebuild your package. freshmaker was supposed to track such cases and rebuild modules, but I didn’t hear any plans about deploying it yet.

Webpack can use libraries provided by the system. Thank you for introducing me to freshmaker, it seems like the right tool to manage bundled dependencies update.

paulcarroty:

Flatpak scripts can collect direct links of npm or another packages with their depends. The example

RPM was designed 20 years ago and just don’t care about modern technologies.

It doesn’t seems like RPM don’t care, you’ll have the same issue with other build system. The flatpack script you reference is using prebuilt binaries, how to tell what is bundled in this flatpack? How to rebuild it if those links disappear? And how to fix a security issue, such as the one recently found in event-stream?
I would like to stick to RPM since it is a battle tested solution for these sort of issues.

davidva:

A bundled with tons of internal dependencies

I guess we have no other choices :-). It doesn’t seems too bad, at least for react and patternfly, but it is a lot of work…